PHP Verify_Password / Can't log in with my newly created username and password

Status
Not open for further replies.

M H I N Y E

Please help, masters: I always get "incorrect password" even though the username and password I entered are correct. I think the problem is in verifying the password, which is hashed with a salt and pepper.

here's my code for registration
PHP:
<?php
    $DATABASE_HOST = 'localhost';
    $DATABASE_USER = 'root';
    $DATABASE_PASS = '';
    $DATABASE_NAME = 'it412';
    // connect to the database
    $con = mysqli_connect($DATABASE_HOST, $DATABASE_USER, $DATABASE_PASS, $DATABASE_NAME);
    if (mysqli_connect_errno())
        {
            // if there is an error.
            exit('Failed to connect to MySQL: ' . mysqli_connect_error());
        }
            // check whether the data from the registration form was submitted, i.e. the data exists.
    if (!isset($_POST['username'], $_POST['password'], $_POST['email']))
        {
            // if no data was entered
            exit('Please complete the registration form!');
        }
        
    if (empty($_POST['username']) || empty($_POST['password']) || empty($_POST['email']))
        {
            // if no data was entered.
            exit('Please complete the registration form');
        }
            // check whether the username already exists in the database
    if ($stmt = $con->prepare('SELECT id, password FROM accounts WHERE username = ?'))
    {
        $stmt->bind_param('s', $_POST['username']);
        $stmt->execute();
        $stmt->store_result();
        // Store the result so we can check if the account exists in the database.
        if ($stmt->num_rows > 0) {
            echo '<script>alert("Username exists, please choose another!");window.history.back();</script>';
        } else
        {
            if (!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) {
                exit('<script>alert("Email is not valid!");window.history.back();</script>');
            }
            if (preg_match('/^[a-zA-Z0-9]+$/', $_POST['username']) == 0) {
                exit('<script>alert("Username is not valid!");window.history.back();</script>');
            }
            if (strlen($_POST['password']) > 20 || strlen($_POST['password']) < 5) {
                exit('<script>alert("Password must be strong");window.history.back();</script>');
            }
            
            if ($stmt = $con->prepare('INSERT INTO accounts (username, password, email, salt) VALUES (?, ?, ?, ?)'))
            {
                // Hash, salt and pepper the password; password_verify is used when the user logs in.
                $password = $_POST['password'];
                $salt = bin2hex($password);
                $pepper = 'phcorner';
                $pwordsp = $password.$salt.$pepper;
                $hash = password_hash($pwordsp, PASSWORD_DEFAULT);
                $stmt->bind_param('ssss', $_POST['username'], $hash , $_POST['email'],$salt);
                $stmt->execute();
                echo '<script>alert("You have successfully registered, you can now login!");window.history.back();</script>';
                
            } else
            {
                echo 'Could not prepare statement!';
            }
        }
        
        $stmt->close();
        } else
            {
                
                echo 'Could not prepare statement!';
            }
    $con->close();
?>
<script>
setTimeout("location.href = 'index.php';",1800);
</script>

And this is for the login:
PHP:
<?php
session_start();
$DATABASE_HOST = 'localhost';
$DATABASE_USER = 'root';
$DATABASE_PASS = '';
$DATABASE_NAME = 'it412';

// connect to the database.
$con = mysqli_connect($DATABASE_HOST, $DATABASE_USER, $DATABASE_PASS, $DATABASE_NAME);

// check for errors when connecting to the database.
if ( mysqli_connect_errno() )
        {
            // if there is an error.
            exit('Failed to connect to MySQL: ' . mysqli_connect_error());
        }

// check whether the data from the login form was submitted, i.e. the data exists.
if ( !isset($_POST['username'], $_POST['password']) )
        {
            // no data was received
            exit('Please fill both the username and password fields!');
        }

// check if the username exists in the database.
if (isset($_POST['username'], $_POST['password']))
             {
                // retrieve the hashed password and salt for the provided username from the database.
                $stmt = $con->prepare('SELECT password, salt FROM accounts WHERE username = ?');
                $stmt->bind_param('s', $_POST['username']);
                $stmt->execute();
              
                // check if the username exists in the database.
                $stmt->store_result();
                if ($stmt->num_rows > 0) {
                  $stmt->bind_result($hashed_password, $salt);
                  $stmt->fetch();
              
                  // verify the password using the provided password and the stored salt.
                  $pwordsp = $_POST['password'].$salt;
                  if (password_verify($pwordsp, $hashed_password)) {
                    // password is correct, log the user in.
                    session_regenerate_id();
                    $_SESSION['loggedin'] = TRUE;
                    $_SESSION['name'] = $_POST['username'];
                    header('Location: landing.php');
                  } else {
                    // password is incorrect, show an error message.
                    echo '<script>alert("Incorrect password!");window.history.back();</script>';
                  }
                } else {
                  // username doesn't exist, show an error message.
                  echo '<script>alert("Username not found!");window.history.back();</script>';
                }
                $stmt->close();
              }
          
        
?>
<script>
setTimeout("location.href = 'index.php';",1800);
</script>

PLEASE HELP, MASTERS, I HOPE YOU CAN HELP ME
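
The mismatch between the two scripts above, reproduced as an added example that is not part of the original post: registration hashes `password . salt . pepper`, while login verifies `password . salt`, so `password_verify()` is never given the string that was hashed. The function names and the sample password are constructed for illustration; the last part shows an alternative that relies on the random salt `password_hash()` generates itself and applies the pepper with HMAC.

```php
<?php
// Added example: function names and the sample password are constructed.
const PEPPER = 'phcorner'; // pepper string used by the registration script

// Registration as posted: the hashed input is password . salt . pepper,
// where the "salt" is bin2hex() of the password itself.
function register_as_posted(string $password): array
{
    $salt = bin2hex($password);
    $hash = password_hash($password . $salt . PEPPER, PASSWORD_DEFAULT);
    return [$hash, $salt]; // both values are stored in the accounts table
}

// Login as posted: the pepper is missing, so the verified string differs
// from the hashed one and password_verify() returns false.
function login_as_posted(string $password, string $hash, string $salt): bool
{
    return password_verify($password . $salt, $hash);
}

// Login that rebuilds exactly the string registration hashed.
function login_matching(string $password, string $hash, string $salt): bool
{
    return password_verify($password . $salt . PEPPER, $hash);
}

// The stored salt is a hex encoding of the password, so it decodes back.
function salt_decodes_to_password(string $password, string $salt): bool
{
    return hex2bin($salt) === $password;
}

// Alternative: password_hash() generates a random salt on its own and keeps
// it inside the hash string; the pepper is applied as an HMAC key.
function peppered(string $password): string
{
    return hash_hmac('sha256', $password, PEPPER);
}

$pw = 'Example-Pass1'; // constructed sample password
[$hash, $salt] = register_as_posted($pw);
var_dump(login_as_posted($pw, $hash, $salt));
var_dump(login_matching($pw, $hash, $salt));
var_dump(salt_decodes_to_password($pw, $salt));

$simple = password_hash(peppered($pw), PASSWORD_DEFAULT); // no salt column
var_dump(password_verify(peppered($pw), $simple));
```

Of the four checks, only `login_as_posted` returns false. Because `salt_decodes_to_password` returns true, the `salt` column as written stores a reversible copy of every password next to its hash.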
 